On Fri, Oct 24, 2014 at 09:51:41AM +0200, Jakub Hrozek wrote:
On Thu, Oct 23, 2014 at 05:19:38PM -0700, Michael Lasevich wrote:
Small update, it appears that once I run getent group groupname - my
user shows up in the group groupname. Odd.
(and yes, I have ran sss_cache -UG many a time)
On 10/27/2014 06:13 AM, Innes, Duncan wrote:
Hi,
Have been using `ping` to test connectivity from our clients to the
various IPA servers around the WAN before running an ldapsearch to
pull some details about the client from the LDAP database.
Several new VLAN's have now come online that do not
On Mon, 27 Oct 2014 12:13:46 -
Innes, Duncan duncan.in...@virginmoney.com wrote:
Hi,
Have been using `ping` to test connectivity from our clients to the
various IPA servers around the WAN before running an ldapsearch to
pull some details about the client from the LDAP database.
Hi, all:
I have four servers (two in one location, two in another) running IPA 3.0 set
to replicate like so:
Location A Server 1 - - - - - - - - Location B Server 1
||
||
Ok after some more digging :
I found some warnings (see below)
Is any of these the cause for the error ?
Rob
snip
2014-10-27T13:56:13Z INFO Updating existing entry: cn=sudoers,cn=Schema
Compatibility,cn=plugins,cn=config
snip
2014-10-27T13:56:13Z WARNING remove:
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Rich Megginson
Sent: Monday, October 27, 2014 6:42 AM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] multi-master replication
On 10/25/2014 06:17 PM, Dmitri Pal wrote:
On 10/24/2014 07:15 PM,
On 10/27/2014 10:12 AM, Craig White wrote:
*From:*freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Rich Megginson
*Sent:* Monday, October 27, 2014 6:42 AM
*To:* freeipa-users@redhat.com
*Subject:* Re: [Freeipa-users] multi-master replication
On
On Mon, 27 Oct 2014 14:07:42 +
Trevor T Kates (Services - 6) trevor.t.ka...@dom.com wrote:
Hi, all:
I have four servers (two in one location, two in another) running IPA
3.0 set to replicate like so:
Location A Server 1 - - - - - - - - Location B Server 1
|
From: Rich Megginson [mailto:rmegg...@redhat.com]
Sent: Monday, October 27, 2014 9:26 AM
To: Craig White; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] multi-master replication
On 10/27/2014 10:12 AM, Craig White wrote:
From:
Maybe fixed - seems to be replicating now...
https://bugzilla.redhat.com/show_bug.cgi?id=953653
Why don't they incorporate that into the released RHEL version?
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Craig White
Sent: Monday, October 27,
-Original Message-
From: Simo Sorce [mailto:s...@redhat.com]
Sent: Monday, October 27, 2014 12:30 PM
To: Trevor T Kates (Services - 6)
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Question About Properly Configuring DNS
On Mon, 27 Oct 2014 14:07:42 +
Trevor T
2014-10-27 12:19 GMT+01:00 Martin Basti mba...@redhat.com:
On 26/10/14 21:39, John Obaterspok wrote:
Hi,
I enabled mkosek-freeipa repo for F20 and updated freeipa-server from
3.3.5 to 4.1. The yum update reported just a single error:
Could not load host key: /etc/ssh/ssh_host_dsa_key
On 27/10/14 18:53, John Obaterspok wrote:
2014-10-27 12:19 GMT+01:00 Martin Basti mba...@redhat.com
mailto:mba...@redhat.com:
On 26/10/14 21:39, John Obaterspok wrote:
Hi,
I enabled mkosek-freeipa repo for F20 and updated freeipa-server
from 3.3.5 to 4.1. The yum update
On Mon, 27 Oct 2014 17:50:13 +
Trevor T Kates (Services - 6) trevor.t.ka...@dom.com wrote:
-Original Message-
From: Simo Sorce [mailto:s...@redhat.com]
Sent: Monday, October 27, 2014 12:30 PM
To: Trevor T Kates (Services - 6)
Cc: freeipa-users@redhat.com
Subject: Re:
On 10/27/2014 01:41 PM, Craig White wrote:
Maybe fixed -- seems to be replicating now...
https://bugzilla.redhat.com/show_bug.cgi?id=953653
Why don't they incorporate that into the released RHEL version?
I think we did. Into 7.0.
*From:*freeipa-users-boun...@redhat.com
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Dmitri Pal
Sent: Monday, October 27, 2014 11:22 AM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] multi-master replication
On 10/27/2014 01:41 PM, Craig White wrote:
Maybe fixed - seems to be
Hello Martin,
Still no go.
I installed the softhsm-devel package (that only contains header files),
removed the token directory, reinstalled the bind bind-pkcs11, did
ipa-dns-install that completed ok (I guess):
To accept the default shown in brackets, press the Enter key.
Existing BIND
On 27/10/14 19:57, John Obaterspok wrote:
Hello Martin,
Still no go.
I installed the softhsm-devel package (that only contains header
files), removed the token directory, reinstalled the bind
bind-pkcs11, did ipa-dns-install that completed ok (I guess):
To accept the default shown in
hmm... Could not connect to the Directory Server
So I started it with start-dirsrv since systemctl start ipa failed. Then
it was a breeze, ipa-dns-install worked fine.
# systemctl --failed
0 loaded units listed.
I haven't verified that it works, but I feel confident :)
-- john
2014-10-27
On 27/10/14 20:34, John Obaterspok wrote:
hmm... Could not connect to the Directory Server
So I started it with start-dirsrv since systemctl start ipa failed.
Then it was a breeze, ipa-dns-install worked fine.
# systemctl --failed
0 loaded units listed.
I'm lost, does IPA work or not?
are
Hello Martin,
It works perfectly again!
note, I noticed in /var/log/ipaserver-install.log that ipa-dns-installed failed
due to 389 wasn't started (failed to connect). Once it was started manually
the ipa-dns-installed worked fine.
Thanks a lot Martin,
-- john
2014-10-27 20:40 GMT+01:00
On 27/10/14 20:50, John Obaterspok wrote:
Hello Martin,
It works perfectly again!
note, I noticed in /var/log/ipaserver-install.log that
ipa-dns-installed failed due to 389 wasn't started (failed to
connect). Once it was started manually the ipa-dns-installed worked fine.
Thanks a lot
On 10/27/2014 12:41 PM, Craig White wrote:
*From:*freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] *On Behalf Of *Dmitri Pal
*Sent:* Monday, October 27, 2014 11:22 AM
*To:* freeipa-users@redhat.com
*Subject:* Re: [Freeipa-users] multi-master replication
On
RHEL 6.5 - new install
ipa-server-3.0.0-42.el6.x86_64
389-ds-base-1.2.11.15-47.el6.x86_64
Create a new group, click 'add users' and click the box on the top to select
all 45 users, click the arrows to move all of the users over and click 'Add' on
the bottom at which point it will lose
okay so this is working with the secure profile, thank you all, but I am
getting a ton of errors in my logs on the solaris clients like this:
Oct 27 13:08:51 dc2.ipadomain.com ldap_cachemgr[15004]: [ID 545954
daemon.error] libsldap: makeConnection: failed to open connection to
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Rich Megginson
Sent: Monday, October 27, 2014 1:39 PM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] multi-master replication
On 10/27/2014 12:41 PM, Craig White wrote:
From:
sipazzo wrote:
okay so this is working with the secure profile, thank you all, but I am
getting a ton of errors in my logs on the solaris clients like this:
Oct 27 13:08:51 dc2.ipadomain.com ldap_cachemgr[15004]: [ID 545954
daemon.error] libsldap: makeConnection: failed to open connection
On 10/27/2014 02:56 PM, Craig White wrote:
RHEL 6.5 – new install
ipa-server-3.0.0-42.el6.x86_64
389-ds-base-1.2.11.15-47.el6.x86_64
Create a new group, click ‘add users’ and click the box on the top to
select all 45 users, click the arrows to move all of the users over
and click ‘Add’ on
Hello,
I'm rather at a loss here.
Everything seems to be running
ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
ipa_memcached Service: RUNNING
httpd Service: RUNNING
pki-tomcatd Service: RUNNING
ipa-otpd Service: RUNNING
sorry for the xml formatting didn't realize it would mess up some mail
clients
The last bit of the message again
ipa-upgradeconfig gives the following :
[Verifying that root certificate is published]
Failed to backup CS.cfg: no magic attribute 'dogtag'
[Migrate CRL publish directory]
CRL tree
sipazzo wrote:
/var/ldap exists on both client and server and I was able to sudo to root and
generate the *.db files without getting the legacy database error. I scp'd
them to the hosts and restarted ldap_cachemgr but errors continued. I then
re-initialized the client and am still getting
Hi everyone..
Well, since the fun of getting 4.0.4 on CentOS 7 - and just removing the
branch of 10.2 PKI - that was easy. But trying to get 4.1 installed - it
complains about needing 10.2, so I am wondering if anyone has been
successful in this endeavor??
Thanks
~J
--
Manage your
Craig White
System Administrator
O 623-201-8179 M 602-377-9752
[cid:image001.png@01CF86FE.42D51630]
SkyTouch Technology 4225 E. Windrose Dr. Phoenix, AZ 85032
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Rich Megginson
Sent: Monday,
On 10/27/2014 04:43 PM, Craig White wrote:
Craig White
System Administrator
O623-201-8179 M602-377-9752
cid:image001.png@01CF86FE.42D51630
SkyTouch Technology 4225 E. Windrose Dr. Phoenix, AZ 85032
*From:*freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] *On
RHEL 6.5 - new install
ipa-server-3.0.0-42.el6.x86_64
389-ds-base-1.2.11.15-47.el6.x86_64
On the master, I get nothing
[root@ipa001 log]# getent passwd admin
[root@ipa001 log]#
But it works on the replica as expected
[root@ipa002nadev01 ~]# getent passwd admin
On 10/27/2014 07:38 PM, Craig White wrote:
RHEL 6.5 -- new install
ipa-server-3.0.0-42.el6.x86_64
389-ds-base-1.2.11.15-47.el6.x86_64
On the master, I get nothing
[root@ipa001 log]# getent passwd admin
[root@ipa001 log]#
But it works on the replica as expected
[root@ipa002nadev01 ~]#
On Mon, Oct 27, 2014 at 11:38:14PM +, Craig White wrote:
RHEL 6.5 - new install
ipa-server-3.0.0-42.el6.x86_64
389-ds-base-1.2.11.15-47.el6.x86_64
On the master, I get nothing
[root@ipa001 log]# getent passwd admin
We need to debug this one. I suspect DNS..
[root@ipa001 log]#
Running into same thing, but running ipa-dnsinstall does not complete:
=
Configuring DNS (named)
[1/8]: generating rndc key file
WARNING: Your system is running out of entropy, you may experience long
delays
[2/8]: setting up our own record
[3/8]: adding NS
38 matches
Mail list logo
